Research Overview
Dr. George Markowsky, Department of Computer Science, Missouri University of Science & Technology
• Two main areas
• CS Theory & Mathematics
• Algorithms
• Combinatorics
• Foundations of Computing
• Quantum Computing
High-level Cybersecurity 2
Cybersecurity
A High-Level Perspective
Dr. George Markowsky
Missouri University of Science & Technology
https://www.statista.com/statistics/615450/cybersecurity-spending-in-the-us/
The loss is 7.5 times what we spend on cybersecurity!
What is Going On Here?
• We spend ever more money for cybersecurity
• Our losses continue to mount and grow annually
• There is no end in sight
• What can we do?
Return to First Principles
1. Know Your Enemy
a. Who Is Attacking You and Why?
2. Know Yourself
a. What are Your Vulnerabilities?
b. The Internet of Things
3. Making the Abstract Concrete
Know Your Enemy
Multi-Level Cyber Struggle
The levels are not independent!
INSIDER THREATS!
Watch for Insiders and Trickery
Cyberwar
• I would argue that we are currently engaged in a rather active cyberwar – I have a talk available on the concept of cyberwar
• Do you think that criminal gangs can operate in Russia and China without the government knowing all about them?
Know Yourself
Most Common Causes of Data Breach
• Weak and Stolen Credentials, a.k.a. Passwords
• Back Doors, Application Vulnerabilities
• Malware
• Social Engineering
• Too Many Permissions
• Insider Threats
• Improper Configuration and User Error
The Main Problem
• Your own people!
• Security is a bother
• Security is too abstract
• Complacency
• Hopelessness
• Do you think that the annual "cybersecurity training" at S&T is sufficient?
• This is not to say that there are not technological problems – will return to this later
Making the Abstract Concrete
Cybersecurity is Too Abstract
• Most people do not have a good intuitive grasp of cybersecurity
• I believe that it is helpful to offer people physical models, so they better understand the issues
• As we know, people respond emotionally to the concept of a "wall" and believe that walls offer security
https://commons.wikimedia.org/wiki/File:GreatWall_2004_Summer_1A.jpg
https://en.wikipedia.org/wiki/Maginot_Line#/media/File:Maginot_Line_ln-en.svg
Castles
• Castles provide another metaphor for security
• Unfortunately, people think that they understand castles, but many people have the most simplistic ideas of castles
• Castles were the logical product of hundreds of years of experience in defense and incorporated a large number of useful defensive concepts that can be adapted to cybersecurity
• I have a number of papers written on the subject of the cybercastle and how one can build better cyberdefenses based on historical ideas of security
[Figure: plan of a castle and its town. Labels: River, Outer Ward, Inner Ward, Fortified Town, Unfortified Town, Gate (three), Moat, Drawbridge, Outer Wall, Town Wall]
Start with an overall plan
Clever Use of Topography
https://commons.wikimedia.org/wiki/File:Let_vrtulnikem11_-_hrad_Srebrenik_(13.-18._stol.)_jeste_lepe.jpg
Srebrenik Fortress in Srebrenik, Bosnia: the inaccessibility of the location, with only a narrow bridge traversing a deep canyon, provides excellent protection.
Notice the Inner Walls Are Taller!
https://commons.wikimedia.org/wiki/File:Beaumaris_aerial.jpg
Beaumaris Castle with curtain walls between the lower outer towers and higher inner curtain walls between the higher inner towers.
Defending the Entrance
• arrow loop
• bailey
• barbican
• bartizan
• batter
• battlement
• brattice
• chapel
• chemise
• corbel
• corner tower
• covered parapet walk
• crenelation
• curtain wall
• drawbridge
• embrasure
• flanking tower
• footbridge
• foundation
• garderobe
• great hall
• hoarding
• inner curtain
• inner ward
• keep
• lists
• machicolation
• merlon
• moat
• outer curtain
• outer ward
• palisade
• parapet walk
• pinnacle
• portcullis
• postern
• postern gate
• putlog hole
• rampart
• stockade
• truss
• turret
• wall walk
See also http://www.castlesontheweb.com/glossary.html
Lessons From The Cyber-Castle
• Have a good plan for the entire "city" and not just for the castle – secure network topology
• Defense must be active
• Concentric defenses
• Inner defenses should support outer defenses
• Plan good foundations
• Have removable bridges, pathways
• Use guile and deceit where possible
• Direct your attackers where you want them to go
• Know your attackers
Common Sense Defenses
• Lock your doors (gates)! Bar your windows!
• How many doors or windows does your cybercastle have?
• More importantly, what constitutes a door or a window in a cybercastle?
• How can you lock or bar it, if you don't know what it is?